Browse by Tags

Two years ago I released the first version of the SSLChainSaver tool. This tool helps you diagnose and repair SSL problems on Windows Mobile devices. After a very long delay, Version 2 is now up on the Microsoft download center. I wasn't able to release the source code this time. The usage instructions...

I have been working on this post slowly for several days, but Reed and Steve are seriously kicking my butt on posting solid developer-focused technical security content. Read their blog - they covered a lot of this material sooner and better than I did.
Some non-touchscreen Windows Mobile devices...

As faithful blog readers already know, there were several limitations related to certificates that caused tons of customer pain on WM5. Now that WM6 is public, it gives me great pleasure to announce the following changes that we made in WM6:
Certificate Installer built into the platform
Installs...

Say hello to the SslChainSaver tool. This is a tool that I wrote internally to troubleshoot SSL connections and I'm finally able to offer it publically. Use this tool when you want to to add new root or intermediate certificates to a device for an SSL connection.
Features:
- makes CertificateStore...

I'm trying to gather some additional data to help address this problem. If you've had trouble syncing to the exchange server because you couldn't add root certs, can you please give me this information:
- Was this a self-signed certificate or was it purchased from an SSL vendor?
- If purchased...

What are the different Certificate stores on Windows Mobile? ROOT This store contains root certificates. They are primarily used for SSL chain validation. This store can be inspected via the Certificates Control Panel page.This store has NOTHING to do with code execution.
MY
This store contains...

A few weeks ago I wrote about constructing CertificateStore XML by hand. You have to open up the certificate in the browser, and export it as base64 XML, and it's a pain.
Here's a Powershell script that makes it much easier. Just pass it the name of a certificate file on the command line and it will...

Advanced issues you might run into when trying to add your own SSL certificates to the device for browsing or Exchange ActiveSync. (summary and discussion of the core problem here )
Some servers do not send down the entire certificate chain at the beginning of the SSL session. This is a configuration...

This post will explain how to install a root cert on a one tier device via a CAB file. For explanations of why you would want to add a root cert and alternate methods of doing so, see the discussion of root certs with Exchange ActiveSync. This method will work for any one-tier prompt device, including...

Certificates (SSL)
Q: What is required to install a new certificate to the ROOT store? A: Adding ROOT certificates currently requires trusted code or manager access. On most Pocket PC devices this won't be a problem, but some Smartphone devices are deployed in a restricted configuration where this...

How can I add root certs to my Windows Mobile 5.0 device?
In WM 5.0, the certchk tool no longer works for disabling SSL certificate verification on the Exchange ActiveSync connection. What are the options for secure connections to the server?
- Buy a SSL certificate from a major vendor. You...